Purloined Apple IDs: Either the FBI or AntiSec is lying

Constantine von Hoffman |
Sept. 6, 2012

An anti-government hacktivist group says it stole millions of Apple IDs from an FBI agent's laptop. The FBI says it never had any of the data. Somebody is lying, according to CIO.com blogger Constantine von Hoffman, and it shouldn't take long to figure out who it is. Here's why.

Von Hoffman's Law says, "'People are stupid' must be the first reason considered as an explanation for any event." But even so, I find the two explanations of FBI involvement very hard to believe. (Please feel free to offer other possible theories in the comments section below.) This is not because of any deep-seated trust in the FBI. I live in Boston where the Bureau spent decades protecting murderous thug James M. "Whitey" Bulger from other law enforcement agencies.

It's AntiSec's original claims that rub me the wrong way. First, it says it got the info from a device used by an FBI agent named Christopher K. Stangl. Mr. Stangl is a real person and is in fact an FBI agent. He was featured in a 2009 recruitment video titled "Wanted by the FBI: Cyber Security Experts."

In other words, it would truly be poetic irony if Special Agent Stangl's computer was broken into. The irony level is so high it makes me suspicious. I'm not saying it didn't happen, but it seems too perfect. It will need to be substantiated by someone other than the group trying to get some attention from the press for me to believe it.

AntiSec's methods of obtaining the info also seem fishy. It says it got the data last March by exploiting a Java security problem--not the recently-discovered Java security problem, but an earlier one. This strikes me as another suspicious coincidence. Java security issues have been all over the news lately. Then, voila!, it's also the cause of this alleged leak. Again, I'm not saying it didn't happen, but I'm suspicious.

I do not think we will have to wait long to find out the truth. If AntiSec does have the data it now has to release the information in some form or the public won't believe it. Not terribly long after the group does that, someone in the IT Sec community will figure out where the data likely came from. Then those folks will likely track the data's possible provenance.